The Surreal Case of a C.I.A. Hacker’s Revenge
June 7, 2022 9:59 AM

A hot-headed coder is accused of exposing the agency’s hacking arsenal. Did he betray his country because he was pissed off at his colleagues?

by Patrick Radden Keefe

Nestled west of Washington, D.C., amid the bland northern Virginia suburbs, are generic-looking office parks that hide secret government installations in plain sight. Employees in civilian dress get out of their cars, clutching their Starbucks, and disappear into the buildings. To the casual observer, they resemble anonymous corporate drones. In fact, they hold Top Secret clearances and work in defense and intelligence. One of these buildings, at an address that is itself a secret, houses the cyberintelligence division of the Central Intelligence Agency. The facility is surrounded by a high fence and monitored by guards armed with military-grade weapons. When employees enter the building, they must badge in and pass through a full-body turnstile. Inside, on the ninth floor, through another door that requires badge access, is a C.I.A. office with an ostentatiously bland name: the Operations Support Branch. It is the agency’s secret hacker unit, in which a cadre of élite engineers create cyberweapons.

On March 7, 2017, the Web site WikiLeaks launched a series of disclosures that were catastrophic for the C.I.A. As much as thirty-four terabytes of data—more than two billion pages’ worth—had been stolen from the agency. The trove, billed as Vault 7, represented the single largest leak of classified information in the agency’s history. Along with a subsequent installment known as Vault 8, it exposed the C.I.A.’s hacking methods, including the tools that had been developed in secret by the O.S.B., complete with some of the source code. “This extraordinary collection . . . gives its possessor the entire hacking capacity of the C.I.A.,” WikiLeaks announced. The leak dumped out the C.I.A.’s toolbox: the custom-made techniques that it had used to compromise Wi-Fi networks, Skype, antivirus software. It exposed Brutal Kangaroo and AngerQuake. It even exposed McNugget.

A tale that starts with the so-called 'deep state' and ends with pro-se representation. Each twist felt shocking, but also unsurprising.

[previously 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13]
posted by Carillon (70 comments total) 17 users marked this as a favorite
 
New worst human being ever just dropped.
posted by acb at 10:17 AM on June 7, 2022 [4 favorites]


> To the casual observer, they resemble anonymous corporate drones

Fuck you, enlightened New Yorker writer.
posted by Abehammerb Lincoln at 10:27 AM on June 7, 2022 [25 favorites]


Content alerts for this utter garbage human: child sexual-abuse material, sexual harassment, racism, unbridled hypocritical libertarianism

I read this with an eye to assigning it in my "human factors in infosec" class, but nah. I don't need to subject people (or, for that matter, myself) to this waste of oxygen.
posted by humbug at 10:30 AM on June 7, 2022 [3 favorites]


I reckon being pissed off with your colleagues must be at the very least in the top 3 reasons for betraying one's country. Money/power, ideology and that one colleague who won't stop talking over you to take credit for that thing you just bloody said. Those are the big ones, as far as I can see.
posted by howfar at 10:30 AM on June 7, 2022 [12 favorites]


I think number one is when someone thinks they aren't being sufficiently recognized and validated by whatever organization they're in. So, being mad at your peers, but mostly being mad at your boss.
posted by BungaDunga at 10:46 AM on June 7, 2022 [3 favorites]


> To the casual observer, they resemble anonymous corporate drones. In fact, they hold Top Secret clearances and work in defense and intelligence.

The author wanted to write a story first, and then an article later:
"The number of Americans who possess a security clearance has swelled to more than five million, because classification has swathed in secrecy so many functions of defense and intelligence work."

Also this should be a Harvard HR case study on how not to handle situations like this.
posted by The_Vegetables at 10:50 AM on June 7, 2022


> Fuck you, enlightened New Yorker writer.

This is Patrick Radden Keefe.
posted by praemunire at 11:05 AM on June 7, 2022 [1 favorite]


> BungaDunga: "I think number one is when someone thinks they aren't being sufficiently recognized and validated by whatever organization they're in."

If I recall correctly, Mark Felt (aka Deep Throat) leaked to Woodward and Bernstein because he didn't get a promotion (or was otherwise stymied in his FBI career).
posted by mhum at 11:11 AM on June 7, 2022 [6 favorites]


in the eternal words of the same rag's caption competition: Christ, what an asshole!
posted by scruss at 11:12 AM on June 7, 2022 [4 favorites]


I love reading the New Yorker for the old-timey editorial throwbacks like "capitalizing internet" or "treating 'website' like it is two words"

I am pretty sure their ideal core target audience is an elderly man in slippers and a smoking jacket, holding his snifter of brandy and trying not to let his monocle fall out when he reads the shocking tales within
posted by caution live frogs at 11:18 AM on June 7, 2022 [13 favorites]


Forgive me for risking a derail, but I don't understand this:
> "To the casual observer, they resemble anonymous corporate drones"
>
> Fuck you, enlightened New Yorker writer.

The comparison seems apt to me, given that there is often a uniformity of dress and behavior of people going to work in office parks. But I'm clearly missing something here.
posted by minervous at 11:26 AM on June 7, 2022 [13 favorites]


"Corporate drones" is pretty broadly dismissive and scornful, especially combined with "anonymous." It hints that the writer thinks he is Super Speshul and Above All That Corporate Sameness. I can absolutely understand how that would be repellent to a reader working in a for-profit sector.
posted by humbug at 11:41 AM on June 7, 2022 [14 favorites]


Huh. “One of the passwords let the investigators bypass the encryption on the virtual machine.” No, enlightened New Yorker writer, the password let the investigators DECRYPT the machine. That's how an encryption password works. It's the key that unlocks the data. It doesn't let you bypass it. Geez.
posted by caution live frogs at 11:59 AM on June 7, 2022 [7 favorites]


The two coworkers make a big show of not liking each other, and the one named Mole — sorry, "A Mol" — is the one who didn't go to prison? This is my inner conspiracy theorist talking, but it sounds like the plan to put A Mol in the CIA worked.
posted by emelenjr at 12:03 PM on June 7, 2022 [8 favorites]


I really enjoyed the article, knowing very little about the underlying subject material. I find PRK a clear and compelling writer.
posted by hepta at 12:08 PM on June 7, 2022 [5 favorites]


> I love reading the New Yorker for the old-timey editorial throwbacks like "capitalizing internet" or "treating 'website' like it is two words"

Don’t forget all the quaint diacritical marks!

I sent this to my GF for her take on it; she is a computer analyst for the NSA so can bring a little more background to it than most of us.
posted by TedW at 12:13 PM on June 7, 2022 [10 favorites]


Well that was a story.

It was interesting for all its twists and turns, but when you boil it down to its essence it loses its luster. It's just another white manbaby edgelord being shocked! Shocked, I say! at the realization that there are consequences to his actions and that he isn't actually the hero of everyone's story.

Also, if what the article says is true, I'd put the balance of probabilities on his having done it even setting aside his general asshattery.
posted by wierdo at 12:17 PM on June 7, 2022 [7 favorites]


This whole story kind of puts me in the mind of the final scene of Burn After Reading. It's a big ol' clusterfuck, there are no heroes in the story, and no one has learned a goddamn thing.

CIA Boss : What did we learn, Palmer?
Palmer : I don't know, sir.
CIA Boss : I don't fuckin' know either. I guess we learned not to do it again.
Palmer : Yes, sir.
CIA Boss : I'm fucked if I know what we did.
Palmer : Yes, sir, it's, uh, hard to say.
posted by Mayor West at 12:28 PM on June 7, 2022 [21 favorites]


I looked a bit askance at this:

> Every day of the trial, a small posse of blond women in professional garb arrived and sat together, observing. They kept to themselves and didn’t speak to anyone else, but it was generally understood that they were lawyers or officials from the C.I.A. Their facial expressions uniformly unrevealing, they came and went in lockstep, like Stepford Wives, but they radiated muted power.

"Stepford Wives" is a sexist cliche in this context. If it were a group of men, having the same general appearance, demeanor, and dress code, especially in government service, would be utterly unremarkable. Did they literally come and go in lockstep?
posted by Halloween Jack at 12:35 PM on June 7, 2022 [26 favorites]




> If it were a group of men...

You also wouldn't feel the need to mention their hair color. Not great from PRK whose writing I otherwise really like.
posted by The Bellman at 12:42 PM on June 7, 2022 [13 favorites]


I enjoyed this.

I've had friends who have gone through the hiring/interview process for Various Government Agencies That Deal In Confidential Stuff, and I'll admit to being disappoint that this guy's whole swastika-drawing/child porn/sexual assault/bullying schtick (which seems to have started before he started at the CIA) didn't seem to have any effect on his getting offered a job.

On the other hand, confirms my bad day, cynical, largely uninformed opinions about the CIA.

I will admit to being a fan of New Yorker pieces, quaint or not, and Patrick Radden Keefe, though the Stepford Wives line took me out of the article too.
posted by thivaia at 1:15 PM on June 7, 2022 [9 favorites]


What a great, if infuriating, story, well told. I'm shocked that this idiot's security practices around his passwords seem to be weaker than mine, and I'm not committing crimes against national security. Strongly agree with others that it's a real scandal that someone with his profile passed a CIA background check.
posted by biogeo at 1:27 PM on June 7, 2022 [6 favorites]


I lived in the DC burbs for 20 years and had a few FBI agents, and many 22 year old contractors, show up at my door to ask questions about my neighbors. The FBI agents, as you would expect, seemed like they knew what they were doing. The kids, who all looked fresh out of college, clearly were just asking the questions on the list and checking off my answers. My neighbor could have been Vladimir Putin, and they would have neither noticed nor cared.
posted by COD at 1:33 PM on June 7, 2022 [3 favorites]


Christ, what an asshole.
posted by rmd1023 at 1:35 PM on June 7, 2022 [1 favorite]


> that is guy's whole swastika-drawing/child porn/sexual assault/bullying schtic

CIA so used to supplying weapons to people like this, they forgot they were not supposed to hire them too
posted by Iax at 2:10 PM on June 7, 2022 [17 favorites]


Not gonna lie, if this disgusting garbage human is willing to totally crash out trying to pull the cards of the CIA, Federal Bureau of Prisons, and Justice Department, I'm rooting for him - even knowing that he's an awful probable sociopath. That said, I won't be upset if he goes down for a few decades over the child porn / sexual assault charges.

Side note, I got a degree in computer science many years ago, and spent enough time around antisocial proto chan weirdos to recognize this guy's personality type straight off the bat in the article. I never met anybody (that I know of) as extremely terrible as this guy, but he is definitely a TYPE. I both can and can't believe that nobody in the fed vetting process recognized what a fucking freak they had on their hands and just let him run amok in the CIA's super duper secret hacking network.
posted by youthenrage at 2:23 PM on June 7, 2022 [5 favorites]


Also - the article got a lot of eye rolls from me about trying to parse good leaks/leakers from "bad" leaks/leakers. I guess a generous explanation would be that the author had to wring his hands a little bit over that shit in order to keep his sources happy but give me a break.
posted by youthenrage at 2:26 PM on June 7, 2022 [1 favorite]


At least the editors’ tolerance of inconsistent and/or journalistically unprofessional tone let us enjoy this zinger: Ayn Rand fanboys are not exactly famous for their doctrinal consistency
posted by mubba at 3:04 PM on June 7, 2022 [16 favorites]


Frankly, toppers (borrowing the term from Dilbert) don't need reasons other than ego, consequences be darned.

There were MANY instances of people quoting / uploading / sharing CLASSIFIED information just to top someone else in War Thunder. The most recent was revealed only a few days ago, when someone leaked classified SABOT round info on the Chinese round just to try to get a stat boost for their favorite tanks. Previously people have leaked classified info on British and French tanks... for similar reasons.

So perfectly believable, yes.
posted by kschang at 3:07 PM on June 7, 2022 [4 favorites]


Christ, what an asshole.

That being said, everybody is pointing out the anonymous corporate drones bit when "From the whoopie-cushion antics of Elon Musk to the Panglossian implacability of Mark Zuckerberg, a particular personality profile dominates these times: the boy emperor." is right there?

Holy shit, I can taste the derision in that sentence.
posted by Sphinx at 3:56 PM on June 7, 2022


I sorta am confused about how all this data got leaked. 34 terabytes? and no internet connection? I sorta know networks, and if we, where I work, see a sudden spike in network traffic, it sets off alarms. I'd expect people are not allowed into a classified site carrying a portable DVD drive. There are so many security failures here to try and figure out how the data got out.
posted by baegucb at 3:58 PM on June 7, 2022 [3 favorites]


The derision is what makes it good. Tech bros are destroying our society and are rewarded for it. I like the pushback.
posted by biogeo at 4:03 PM on June 7, 2022 [21 favorites]


> He was a devotee of Ayn Rand, and came to believe that, as he put it, “there is nothing evil about rational selfishness.”

who'd have guessed
posted by Flunkie at 5:13 PM on June 7, 2022 [6 favorites]


Speaking of monocles popping, ‘Oh won’t someone think of the poor corporate drones and boy emperors’ is a funny takeaway.
posted by aspersioncast at 5:39 PM on June 7, 2022 [15 favorites]


> I'd expect people are not allowed into a classified site carrying a portable DVD drive.

Assuming you mean a DVD burner, a DL DVD is about 8.5GB. So, that's about 4000 DVDs. At 8x burning speed, you'd spend about 1334 hours burning those DVDs, just the time to burn the disk, not the time to create the disk and do all the other stuff.

I don't think you're going to get 34TB out on that kind of hard media.
posted by hippybear at 5:58 PM on June 7, 2022 [3 favorites]


Yeah, fuck anybody who works at a corporation. Just drones man, just drones. Whatever, Metafilter, some of us need a buck. Too bad I missed out on a virtuous profession and instead snagged my glamorous helping people with their computers job. I’m practically Elon Musk!
posted by Abehammerb Lincoln at 6:03 PM on June 7, 2022 [7 favorites]


hippybear, That's why I am confused. Where I work everything is encrypted, and raid arrays and petabytes of data. So how is someone going to get that much data out? I could get small amounts of data out. But the FBI auditors checked us out a couple of years ago (amongst various auditors). I think I know how to bypass security and the network where I work (absolutely unethical), but all that data? Weird. Some sort of red flag would show up. But I have worked with jerks all my career. The CIA doesn't check this? Very odd.
posted by baegucb at 6:22 PM on June 7, 2022 [5 favorites]


> I sorta am confused about how all this data got leaked. 34 terabytes? and no internet connection?

Okay, so, the alleged perp's main job was as a sysadmin, and his bosses didn't revoke his system privileges nearly as fast as they should have. This likely made data exfiltration massively easier for him than for an outsider, because he'd still have been in usergroups responsible for things like backups -- as the prosecution noted, the leak bore a tremendous resemblance to a specific backup that alleged-perp had "accessed." (Irritating verb. Doesn't tell me anything. Which is probably the point, of course.)

He didn't necessarily have to send it out of the org over the network -- that's a slow way to do it, and fairly likely to be noticed. (Though consider Equifax!) Faster and likely safer is good old sneakernet: copy to a few external hard drives (they come in 10-20TB sizes these days) or a NAS/SAN or a blade or whatever, then take the physical device out of the building and upload to Wikileaks from elsewhere. After all... he's a sysadmin, storage gizmos are well within his work purview, and so is accessing server storage.

Insider threat is a real bummer. Which is not to say I excuse the CIA here; as the article points out several times, their security practices were pretty lax. I also agree with commenters above that their hiring practices were horrendous.
posted by humbug at 6:32 PM on June 7, 2022 [8 favorites]


Sorry for my tirade above. I work real hard at a place. Definitely agree corporations as entities ain’t great. Just trying to keep medical insurance for my special needs child. I promise it isn’t a place making poison or selling guns to nuts. I don’t think I’ve ever met a real techbro millionaire type. I’ve seen a few around, but I’m not in the rich kids circle. Being dismissed as a drone because of the realities I live with kind of sucks.
posted by Abehammerb Lincoln at 6:43 PM on June 7, 2022 [24 favorites]


Thank you humbug. I was not aware of external drives that size. When I see someone from our security group, I will let them know.
posted by baegucb at 6:45 PM on June 7, 2022 [1 favorite]


Another way for a sysadmin to do it, since I mentioned Equifax, could be "oops! golly gosh, butterfingers, look at me, 'accidentally' disabling the network-edge traffic analyzer that raises alarms when people try to send out a crapton of data..." In an organization with enough IT staff redundancy, I'd be inclined not to try this -- again, very likely to be noticed quickly (especially after Equifax).

But something like it is possible.
posted by humbug at 6:46 PM on June 7, 2022 [1 favorite]


> I sent this to my GF for her take on it; she is a computer analyst for the NSA so can bring a little more background to it than most of us.


I wanna know what she says but also are you supposed to tell us that?
posted by grobstein at 7:05 PM on June 7, 2022 [7 favorites]


Oh no. Now he has to kill us all.
posted by hippybear at 7:13 PM on June 7, 2022 [10 favorites]


Just out of curiosity, were there external 10 TB drives back in 2017? or 20TB?
posted by baegucb at 7:19 PM on June 7, 2022


Good question! Backblaze was using 10TB and 12TB drives in 2017. You're right about 20TB drives, though -- looks like 2021 for those.

External, internal, meh -- shouldn't make that much difference. Throw it in an enclosure and it's good.
posted by humbug at 7:26 PM on June 7, 2022 [1 favorite]


"Corporate drones," "the rat race," "suits," and the like are all commonly-used idioms acknowledging, in a mildly bleak way but not so bleak as to cause despair, the depersonalizing effects of living within the type of weakly-fettered capitalist system that we do. No individual person is truly a corporate drone (well, maybe a few are), but en masse the corporate drone, as a class, is certainly quite visible at these Northern Virginia office parks. I don't think it's a term of abuse here, merely a means of conjuring an image. I'd gently suggest that if the term feels like it's hitting close to home, it could be the toxicity of the capitalist milieu that's really upsetting you, not the label. Perhaps I'm wrong, and if so I apologize for being presumptuous.
posted by biogeo at 7:29 PM on June 7, 2022 [27 favorites]


I suspect, but am not certain, that being mostly source code and documentation of said source that most of the 34 terabytes are highly compressible text. Even a fast compression algorithm would have no problem getting 10:1 out of that. Plus, if he stole the backup there's a good chance it was already compressed, so no need for his laptop or whatever to sit there crunching away at it for an inordinate length of time.

Still, it probably took 4-5 hours just to do the copy across the network. Still not terribly likely to be noticed in an office where the concern is external threats, not internal ones. Exfiltrating the physical media was somewhat risky, though.
posted by wierdo at 7:42 PM on June 7, 2022 [3 favorites]


hmph. Is all I will say. No way 34 TB can be gotten out of a secure CIA facility. I'm actually amused trying to figure out how.
posted by baegucb at 7:51 PM on June 7, 2022


a laptop with room for two 2.5" hard drives. i have two like that and i don't even work for the feds. and who says ("up to") 34TB have to be exfil'd in one event, it could have been spread out over multiple trips, especially if the local site culture was lax shit and also you're the admin who monitors the logs and runs the backups. i can think of a bunch of shit i could do like for example ad hoc broken mirror sets on backup targets.
posted by glonous keming at 8:10 PM on June 7, 2022 [2 favorites]


Drones are, like, the best bees.

(I didn't read it as an insult, either. I've described myself that way to indicate the... Lack of solidarity with my employers at times)
posted by Acari at 8:43 PM on June 7, 2022 [4 favorites]


Schulte appears to be a cast-iron asshole, and is basically the villain he appears to be.

But from the CIA's perspective, or any similar organization's, he's not really the one who screwed up. The existence of disgruntled, unstable, entitled jackasses pretty much needs to be taken on premise. No attempt to "well, just don't hire assholes" is ever going to be 100% effective. There are always jerks and sociopaths who will manage to talk their way through interviews, and a perfectly well-gruntled person can become disaffected over time.

The fault for the leak, such as it is, falls mostly on "Karen", his manager. It's hard not to feel bad for her, whoever she is, for being put in charge of a nerd-ragey Randian man-child—is there anything that would make you long for a bunch of dead-eyed government psychopaths to manage instead?

But if the story is even half true, there were a lot of opportunities for Schulte's employer to realize they had a problem on their hands. Even at agencies that have a no-firing policy, he could have been managed away from access to classified material. Somebody didn't pull the plug on him when they should have. Why that didn't happen is the question they should be spending their time and effort investigating.
posted by Kadin2048 at 10:00 PM on June 7, 2022 [13 favorites]


Tangentially, “surreal” is a lazy word that’s just embarrassing in a headline.
posted by gottabefunky at 10:50 PM on June 7, 2022 [5 favorites]


Aside from many of the same points that have already been well made in this thread, I was disheartened in this story to read that his prosecution had failed to sway the jury partly because they couldn't get their points across. If Schulte is able to manage, over successive rounds of litigation, to get a "not guilty" verdict because nobody can explain how what he's doing and how he's behaving are actually incriminating, that will really stink.
posted by pulposus at 11:06 PM on June 7, 2022 [6 favorites]


> I love reading The New Yorker for the old-timey editorial throwbacks like "capitalizing internet" or "treating 'website' like it is two words"[.]

I understand why it wouldn't, but (especially considering the usage of "Stepford Wives" in the same passage) I'm a little surprised that their style guide doesn't maintain the gendered distinction of "blond" versus "blonde".
posted by Strutter Cane - United Planets Stilt Patrol at 12:47 AM on June 8, 2022 [3 favorites]


The security clearance thing is a puzzle -- why wasn't it flagged at Schulte's NSA student internship? ...and why wasn't the scrutiny reviewed once he'd got deeper into the clandestine services? ...and why wasn't that blogging noted as free speech but eliminated him from the candidate pool? (I guess you might read in a desperation for bodies, particularly skilled ones, willing to show up and do work in the early 2000's.)

Then the managers in the agency failed to manage Schulte's behaviour, when it became an ongoing concern it looks like it was fumbled collectively as 'somebody else's problem'. It escalated up the ranks and nobody chased it down to ensure it was resolved.

What kind of a character is Schulte? Is Schulte manageable? There's a line where the article says he drew swastikas to get a rise out of people, which I'll say aligns him with Chan/Qanon nihilists. If that's the case he'll always be trolling and always a menace to the authority of his bosses tasking him with work. Maybe that's wrong and he's not a nihilist but a grifter who's always going to wangle his circumstances for status and power, albeit within a contemporary cultural current of "replacement" thinking (notably power-adjacent white people who believe they lose status as equality and equity bring about sharing with previously-marginalised people of any other group).

The computers should have logged everyone's activity without exception in a way that would have flagged if he'd used administrative privileges to hide activity by disabling the logging. The case against him should have been elicidated a good-behaviour guilty plea to help mitigate the charges around the sexually exploitative images of children. We're left even without a clear motive for the leak. I'd infer that (Snowden's phrase) Tailored Access Operations were used on USA soil or on USA citizens abroad, and this crossed some line for Schulte concerning an individual's rights.
posted by k3ninho at 4:31 AM on June 8, 2022 [1 favorite]


> hmph. Is all I will say. No way 34 TB can be gotten out of a secure CIA facility. I'm actually amused trying to figure out how.

This is actually a critically important thought process in infosec and infosec-aware sysadminning -- it's called "adversarial thinking." How would an asshole like the alleged perp (who is honestly just tailormade for an adversary persona, isn't he?) do Bad Things given the human and technological structures around him?

A central axiom of adversarial thinking is that the adversary will do things the easiest way possible. That's what led me to sneakernet. If I were the adversary in alleged-perp's situation, I'd add a social-engineering pretext, in case I got caught with the drives. Since I'm a digital preservationist, the one that immediately occurs to me is "Offsite backup. Ransomware, y'know, nasty stuff, takes out whole networks including networked backups. I'm couriering these to {plausible location}. Want me to call in when I get there?" But alleged perp would probably do better, because he's an insider and knows how things work there.

(Ransomware was definitely hitting the news in 2016 and 2017. It'd be a great pretext because of that, and because offsite airgapped backups were indeed a reasonable defense at the time. Bit more complicated now, because ransomware attackers' extortion tactics have changed.)

Really good adversarial thinkers -- I'm a tyro and an infosec outsider; I do not pretend to be especially good at this -- can work as "penetration testers," usually abbreviated "pentesters" to avoid some of the snickering. Pentesters test defenses by trying to break them, within rules of engagement agreed upon beforehand.

I'd be shocked if this CIA unit did any serious pentesting, given the lackadaisical approach to infosec laid out in the article and further explicated in several comments above. (Plus a fair few pentesters are former black-hat hackers; it might be legit hard to find a pentesting outfit with the necessary clearances.)
posted by humbug at 7:05 AM on June 8, 2022 [5 favorites]


you don't need to plan out a whole scenario to get that data out (though Schulte probably did given his propensity to hyperfixate) - you just need lax checkpointing and no real accountability for your sysadmins which, afaik, sounds about right for a government agency that's probably operating under a cybersec culture that hasn't changed since the early 00s

Schulte, as sysadmin, could've literally just spent a single day imaging a couple of hard drives for actual legitimate backup purposes (you can purchase 20 TB HDs for $400 a pop at the consumer level; he probably had two 18 TBs that he backed up onto), slipped those drives into his bag, and plugged those back in at home to work on before deciding to leak those at a later date

there have been more than a couple of news reports now of people getting prosecuted for taking their work home (not to mention the time the NSA left multiple whole ass servers up and publicly accessible on AWS) and that's within organizations whose whole purpose is cybersec; an ancillary unit of the CIA is going to be even worse with their security
posted by paimapi at 8:24 AM on June 8, 2022 [3 favorites]


> If Schulte is able to manage, over successive rounds of litigation, to get a "not guilty" verdict because nobody can explain how what he's doing and how he's behaving are actually incriminating, that will really stink.

This would be hilarious actually because it's the opposite of the CSI-effect, where jurors believe that super-techs can do everything and lacking physical proof from Dr Bones or whomever in a trial is a real issue now-a-days.

They actually have all that in this case and can't explain it! Hilarious!
posted by The_Vegetables at 8:47 AM on June 8, 2022 [1 favorite]


> I am pretty sure their ideal core target audience is an elderly man in slippers and a smoking jacket, holding his snifter of brandy and trying not to let his monocle fall out when he reads the shocking tales within.

Subscriber since 1987 and I can confidently say this doesn't describe me or any of my friends who subscribe.
posted by neuron at 9:25 AM on June 8, 2022 [4 favorites]


> I both can and can't believe that nobody in the fed vetting process recognized what a fucking freak they had on their hands

I mean, it's definitely a type, a pretty gross one rooted in the incel-inclined spectrum of toxic masculinity which isn't something corpos or intelligence agencies are interested in screening for (aside from mid level managers identifying with them). they see someone like that, they think 'eccentric genius' - IT is peppered with Schultes which is why there's such a huge gender imbalance

it's like a boys club except the boys ideologically hate women instead of 'just' objectifying them. that we don't identify people like him as an issue is the most banal and harmful kind of misogyny and this article pretty much just glosses over the fact that he assaulted his roommate and the various other forms of masculine toxicity evident at Schulte's workplace. it's so focused on making him out to be the one bad actor, as if the passive aggressive escalations to HR/management and adolescent nicknaming should just be normal facts of life. calling the manager 'Karen' is a red flag and so is blaming 'Karen' for this toxic kind of culture that's so super fucking common in the tech space
posted by paimapi at 9:46 AM on June 8, 2022 [4 favorites]


Metafilter: a perfectly well-gruntled person can become disaffected over time.
posted by Melismata at 10:23 AM on June 8, 2022 [2 favorites]


I always wanted to join the Drones Club.
Of course Bertie and Bingo are probably not still there. Pity.
posted by MtDewd at 3:25 PM on June 8, 2022 [4 favorites]


If sneaker net were a method under consideration, microSD cards at the time could store up to 400 GB. But, at least according to the article, it was done over the Internet, after he had been fired, using a backdoor he had put in during his employment. This was an IT, info-sec, and HR s#!*-show. These yahoos needed an active manager and an adult workplace. They got away with a lot because of the Silicon Valley frat-grammer mythology. These folk are children, often spoiled, whose BS baffles too many people.

I have no love for the CIA, but I do understand the utility it is supposed to provide in the modern world. Like any large organization it is going to be slow to react to new stimuli. But after twenty years of tech-bro blundering could they please get a bitter, detail-oriented middle-aged manager whose attitude to childishness in a top secret facility is, "GTFO. Now," to run this unit.
posted by Ignorantsavage at 3:29 PM on June 8, 2022 [4 favorites]


I'd guess that to the extent occasional cliches show up in the article it's in part due to the nature of the sourcing. As the story notes, most of the narrative about the events leading up to the trial is culled from legal documents, which don't necessarily lend themselves well to descriptive color. ("The agency declined to comment for this story, or to make any of the relevant officials available; much of this account is drawn from their trial testimony.") You can feel the zing level of the writing rise a bit when the author is quoting people he actually interviewed, like the defense attorney.

> calling the manager 'Karen' is a red flag

Her name does appear to be, in fact, Karen. From that site: "The following Government witnesses will testify by true first name only; David, Sean, Michael, Amol, Matthew, Timothy, Bonnie, Michael, Karen."
posted by eponym at 4:45 PM on June 8, 2022 [2 favorites]


Real double-standard around here about how we can talk about elderly nearsighted brandy drinkers vs. white collar office workers. Luckily the former is a protected group, at least in terms of employment.

🙃
posted by aspersioncast at 4:48 PM on June 8, 2022


> elderly nearsighted brandy drinkers

#goals
posted by thivaia at 7:23 PM on June 8, 2022 [6 favorites]


> This was an IT, info-sec, and HR s#!*-show. These yahoos needed an active manager and an adult workplace. They got away with a lot because of the Silicon Valley frat-grammer mythology.

I worked as a software engineer on information security projects with a large number of federal agencies for 15+ years before fucking off for a job outside of infosec a couple of years back, and one thing I can say with a high degree of confidence is that "Silicon Valley frat-grammer" types are actually highly under-represented in the federal workforce, even in the spooky shadowy agencies. Not because federal agencies don't want them, or because their hiring managers are morally pure, but because government jobs -- even the sexy and prestigious ones -- don't pay shit -- at least not compared to doing the same job in the private sector. This means that anyone who's any good at what they do, (or can fake it until they make it a la Elon Musk) probably isn't starting their career as a government employee, and almost certainly isn't staying long if they're any good, with those that do stick around and are good at what they do being mostly the kind of people who actually believe in civil service, helping the nation, etc. -- not exactly staples of the typical techbro ideology.

"But tonycpsu", you might say, "can't that federal employee just trade their federal agency badge in for one from Raytheon or General Dynamics, double their salary, and continue to work in the same roles and in many cases in the same facilities and on the same project, making the distinction between federal employee and contractor meaningless?" Well, yes, to some extent that's true. However, it's only really the rank and file hands-on work of individual contributors that gets carried out by contractors. There are of course middle managers and senior leaders at contractors, but they aren't able to set policy for how a government agency manages its infrastructure or ensure that policy is being followed. That work is generally going to fall on (again, relatively) underpaid govvies.

So in some sense, you're right -- they do need an active manager and an adult workplace where assholes don't turn Nerf battles into fistfights. But the problem is more about the boring issue of pay equity than it is about worshiping rockstar programmers.
posted by tonycpsu at 7:52 PM on June 8, 2022 [4 favorites]


> elderly nearsighted brandy drinkers
>
> #goals


George Smiley : "I've been reviewing my situation in the last half-hour of hell, and I've come to a very grave decision. After a lifetime of living by my wits, and on my memory, I shall give myself up full-time to the profession of forgetting. I'm going to put an end to some emotional attachments which have long outlived their purpose. Namely the Circus, this house, my whole past. I shall sell up and buy a cottage, in the Cotswolds, I think. Steeple Aston sounds about right. Do I need overnight things?

Peter Guillam : I'm not taking any.

George Smiley : There I shall establish myself as a mild eccentric. Discursive, withdrawn, but possessing one or two lovable habits, such as muttering to myself as I bumble along innocent pavements. I shall become an oak of my own generation"

how this guy passed a polygraph is beyond me.
posted by clavdivs at 7:59 PM on June 8, 2022 [4 favorites]


"But tonycpsu," I would say, "while I do not doubt or question your experience or analysis of the situation at large, this particular cluster seems to be the result of embracing the mythology that programmers need to be able to cut loose with Nerf fights in the middle of the day and should be indulged in their immature BS so that they can be creative."

I would not, nor could I in good faith, argue that this article points to a larger endemic problem. With the tunnel vision of this article and legal case I feel like an old codger mumbling about, 'kids today,' when my issues are really: a) don't hire the anti-social personality afflicted for any kind of sensitive government work and b) Facebook and Google are not good workplace models for this (or possibly any) kind of work. Things I think the CIA did indeed do for this unit. Issue a) is just a pipe-dream on my part, I know, but issue b) seems reasonable to me. As your critique points out, this is not the case in other government tech work. As far as the pay disparity, yeah the deeper issues of resource distribution in our society and civil service remuneration in particular are big issues that should be addressed. They may be beyond the scope of this particular discussion.
posted by Ignorantsavage at 1:01 PM on June 11, 2022 [1 favorite]

